Hello community,

here is the log from the commit of package inn for openSUSE:Factory checked in 
at 2012-09-14 12:26:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/inn (Old)
 and      /work/SRC/openSUSE:Factory/.inn.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "inn", Maintainer is "m...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/inn/inn.changes  2012-06-26 15:52:52.000000000 
+0200
+++ /work/SRC/openSUSE:Factory/.inn.new/inn.changes     2012-09-14 
12:26:54.000000000 +0200
@@ -1,0 +2,6 @@
+Tue Sep  4 17:22:48 CEST 2012 - m...@suse.de
+
+- fix starttls command injection issue [bnc#776967]
+- fix /var/run/news permission and handling.
+
+-------------------------------------------------------------------

New:
----
  inn-linereset.diff

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ inn.spec ++++++
--- /var/tmp/diff_new_pack.9VfUH4/_old  2012-09-14 12:26:55.000000000 +0200
+++ /var/tmp/diff_new_pack.9VfUH4/_new  2012-09-14 12:26:55.000000000 +0200
@@ -39,6 +39,7 @@
 Source3:        inn-emptydb.tar.gz
 Source4:        inn.reg
 Patch0:         inn-%{version}.diff
+Patch1:         inn-linereset.diff
 #
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 #
@@ -94,7 +95,8 @@
 %setup -n inn%{PatchVersion} 
 %setup -n inn%{PatchVersion} -D -T -a 1 
 %setup -n inn%{PatchVersion} -D -T -a 3
-%patch -P 0
+%patch0
+%patch1
 cp -a $RPM_SOURCE_DIR/pubring.pgp .
 
 %build
@@ -199,7 +201,7 @@
 %{installroot} 0644    %{SOURCE4}      $RPM_BUILD_ROOT/etc/slp.reg.d/
 # /var/run/news
 mkdir -p $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/
-echo "d /var/run/news 1777 root root -" > 
$RPM_BUILD_ROOT/usr/lib/tmpfiles.d/inn.conf
+echo "d /var/run/news 0750 news news -" > 
$RPM_BUILD_ROOT/usr/lib/tmpfiles.d/inn.conf
 
 #
 # build filelist
@@ -212,10 +214,10 @@
 $0 == "/var/lib/news" { next }
 { pfx="" }
 $0 == "/var/spool/news" { pfx = "%%attr(775,news,news) " }
+$0 == "/var/run/news" { pfx = "%ghost %%attr(750,news,news) "}
 /\/news/ {
        if (!match(pfx, /%%attr/)) pfx = "%%attr(-,news,news) " pfx
 }
-$0 == "/var/run/news" { pfx = "%ghost "}
 { print "%dir " pfx $0 }
 ' > %{filelist}
 find %{buildroot} ! -type d -printf "/%%P\n" | awk '
@@ -263,10 +265,8 @@
     rm -f etc/news/newsfeeds.OLD
     usr/lib/news/bin/innupgrade etc/news
 fi
-# Create ghost files
-# Create tmpfiles
-if [ -x /bin/systemd-tmpfiles ]; then
-    /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/inn.conf
+if ! test -d /var/run/news ; then
+    install -d -m 750 -o news -g news /var/run/news
 fi
 %{fillup_and_insserv inn}
 %set_permissions /usr/lib/news/bin/innbind /usr/lib/news/bin/inews 
/usr/lib/news/bin/rnews
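Review bot: The new `if ! test -d /var/run/news` guard only creates the directory when it is missing, so on an upgrade a /var/run/news left behind by the old tmpfiles entry (`1777 root root`, see the inn.conf hunk above) keeps its world-writable mode and root ownership until tmpfiles is next applied, presumably at the next boot. Since the old `systemd-tmpfiles --create` call is removed, nothing in the visible scriptlet corrects an existing directory; adding `chown news:news /var/run/news` and `chmod 0750 /var/run/news` after the `fi` would close that window. Files that other local users could already have placed in the formerly world-writable directory are not touched either, which is worth checking before the daemon is restarted. The scriptlet starts above this hunk, so an earlier fix-up outside the view cannot be ruled out.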

++++++ inn-linereset.diff ++++++
--- ./nnrpd/line.c.orig 2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/line.c      2012-09-04 15:41:37.000000000 +0000
@@ -67,6 +67,17 @@ line_init(struct line *line)
 }
 
 /*
+**  Reset a line structure
+*/
+void
+line_reset(struct line *line)
+{
+    assert(line);
+    line->where = line->start;
+    line->remaining = 0;
+}
+
+/*
 **  Timeout is used only if HAVE_SSL is defined.
 */
 static ssize_t
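Review bot: The header comment `Reset a line structure` does not say what the reset discards or why callers need it. line_reset sets `where` back to `start` and `remaining` to 0, which, going by the comments at the two call sites, drops input that was read from the client but not yet consumed; I would state that, e.g. `**  Discard any buffered, not yet consumed input.  Called once a TLS or SASL` / `**  security layer is in place so that earlier plaintext is never parsed.` It is also worth noting in the comment that the buffer itself is kept (only position and count change) and that `assert(line)` vanishes in NDEBUG builds, so callers must pass a valid pointer.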
--- ./nnrpd/misc.c.orig 2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/misc.c      2012-09-04 15:43:19.000000000 +0000
@@ -518,5 +518,8 @@ CMDstarttls(int ac UNUSED, char *av[] UN
         GRPcount = 0;
         PERMgroupmadeinvalid = false;
     }
+
+    /* Reset our read buffer so as to prevent plaintext command injection. */
+    line_reset(&NNTPline);
 }
 #endif /* HAVE_SSL */
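Review bot: The plaintext left in `NNTPline` is thrown away silently at the end of CMDstarttls, so an operator gets no trace that data arrived behind STARTTLS before the handshake completed. Logging before the reset when the buffer is not empty, e.g. `if (NNTPline.remaining != 0) syslog(LOG_NOTICE, "discarding buffered plaintext after STARTTLS");` ahead of `line_reset(&NNTPline);`, would give detection something to alert on; this assumes `remaining` counts unconsumed bytes, as the line.c hunk suggests. The same applies to the `line_reset(&NNTPline);` added in the SASLauth hunk of sasl.c. CMDstarttls begins above this hunk, so whether any error path returns before reaching the reset cannot be seen here.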
--- ./nnrpd/nnrpd.h.orig        2010-03-24 20:10:36.000000000 +0000
+++ ./nnrpd/nnrpd.h     2012-09-04 15:42:15.000000000 +0000
@@ -292,6 +292,7 @@ void PY_dynamic_init (char* file);
 
 void line_free(struct line *);
 void line_init(struct line *);
+void line_reset(struct line *);
 READTYPE line_read(struct line *, int, const char **, size_t *, size_t *);
 
 #ifdef HAVE_SASL
--- ./nnrpd/sasl.c.orig 2012-09-04 15:43:27.000000000 +0000
+++ ./nnrpd/sasl.c      2012-09-04 15:44:22.000000000 +0000
@@ -326,6 +326,9 @@ SASLauth(int ac, char *av[])
                 GRPcount = 0;
                 PERMgroupmadeinvalid = false;
             }
+
+            /* Reset our read buffer so as to prevent plaintext command 
injection. */
+            line_reset(&NNTPline);
         }
     } else {
        /* Failure. */
